Configuring Private VLANs
Configuring a Layer 2 Interface as a Private-VLAN Host Port
Beginning in privileged EXEC mode, follow these steps to configure a Layer 2 interface as a
private-VLAN host port and to associate it with primary and secondary VLANs:
Note
Isolated and community VLANs are both secondary VLANs.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
no shutdown
Step 4
switchport mode private-vlan host
Step 5
switchport private-vlan host-association
primary_vlan_id secondary_vlan_id
Step 6
end
Step 7
show interfaces [interface-id] switchport
Step 8
copy running-config startup config
This example shows how to configure an interface as a private-VLAN host port, associate it with a
private-VLAN pair, and verify the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet0/22
Switch(config-if)# no shutdown
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 20 25
Switch(config-if)# end
Switch# show interfaces fastethernet0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan host-association: 20 (VLAN0020) 25 (VLAN0025)
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan:
20 (VLAN0020) 25 (VLAN0025)
<output truncated>
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
12-12
Chapter 12
Purpose
Enter global configuration mode.
Enter interface configuration mode for the Layer 2
interface to be configured.
Enable the port, if necessary. By default, UNIs are
disabled, and NNIs are enabled.
Configure the Layer 2 port as a private-VLAN host port.
Associate the Layer 2 port with a private VLAN.
Return to privileged EXEC mode.
Verify the configuration.
(Optional) Save your entries in the switch startup
configuration file.
Configuring Private VLANs
78-17058-01